diff --git a/test-vuln.js b/test-vuln.js
new file mode 100644
index 0000000..4a42774
--- /dev/null
+++ b/test-vuln.js
@@ -0,0 +1,10 @@
+// Test file for fork PR
+function executeCommand(userInput) {
+  // Command injection vulnerability
+  return require('child_process').execSync('echo ' + userInput);
+}
+module.exports = { executeCommand };
+// Testing promptfoo-source input
+// Test fork PR action handling
+// Test stdout check
+// Test enable-fork-prs setting